Go to file
2024-09-13 12:26:08 +00:00
_multibuild - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
.gitattributes - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
.gitignore - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
cavs_driver-ssh.pl - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
fix-audit-fail-attempt.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
fix-memleak-in-process_server_config_line_depth.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
logind_set_tty.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-6.6.1p1-selinux-contexts.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-6.6p1-keycat.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-6.6p1-privsep-selinux.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.6p1-cleanup-selinux.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-allow_root_password_login.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-cavstest-ctr.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-cavstest-kdf.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-disable_openssl_abi_check.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-eal3.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-enable_PAM_by_default.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-fips_checks.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-fips.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-host_ident.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-hostname_changes_when_forwarding_X.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-IPv6_X_forwarding.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-ldap.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-no_fork-no_pid_file.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-pam_check_locks.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-pts_names_formatting.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-remove_xauth_cookies_on_exit.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-seccomp_ipc_flock.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-seccomp_stat.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-send_locale.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-sftp_force_permissions.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-sftp_print_diagnostic_messages.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-systemd-notify.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-X11_trusted_forwarding.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.7p1-X_forward_with_disabled_ipv6.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.8p1-role-mls.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.9p1-keygen-preserve-perms.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-7.9p1-revert-new-qos-defaults.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.0p1-gssapi-keyex.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.1p1-audit.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.1p1-ed25519-use-openssl-rng.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.1p1-seccomp-clock_gettime64.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.1p1-seccomp-clock_nanosleep.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.1p1-use-openssl-kdf.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.4p1-pam_motd.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.4p1-ssh_config_d.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-8.4p1-vendordir.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-9.6p1-crypto-policies-man.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-9.6p1-crypto-policies.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-9.8p1.tar.gz - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-9.8p1.tar.gz.asc - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-askpass-gnome.changes - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-askpass-gnome.spec - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-do-not-send-empty-message.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-fips-ensure-approved-moduli.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-link-with-sk.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-mitigate-lingering-secrets.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-openssl-3.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-reenable-dh-group14-sha1-default.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh-whitelist-syscalls.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh.changes - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh.keyring - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
openssh.spec - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
README.FIPS - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
README.kerberos - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
README.SUSE - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
ssh-askpass - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
ssh.reg - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd-gen-keys-start - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd-sle.pamd - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd.fw - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd.pamd - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd.service - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd.socket - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sshd@.service - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sysconfig.ssh - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
sysusers-sshd.conf - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00
wtmpdb.patch - Drop most of openssh-6.6p1-keycat.patch (actually, it was just 2024-09-12 10:24:41 +00:00

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled and mostly even required, do not turn it off.

* In SLE15, root authentiation with password is enabled by default
  (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  behaviour of the server in an update. We strongly suggest setting this option
  either "prohibit-password" or even better to "no" (which disables direct
  remote root login entirely).

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
  ssh_config and sshd_config manual pages.

For more information on differences in SUSE OpenSSH package see README.FIPS